I have everything configured following the documents I found online. I see from the user-id logs the BF is being exchanged with the FW. My users login using pre-win2000 id's. (LNameFI) Verified by monitoring the id's and IP's in User-id app. So now to try testing. Most sites today require a long ID. Usually your email address. I went to a site that would match my category setup in the firewall and created a new account. I then logged into the site using my creds. No alerts or warning messages. I actually have the category set to 'Continue'.
My thought is the pre-2000 login and my email address are not the same thing so no match. Can you direct User-ID Cred. to use an AD attribute? After all this setup I doubt I will catch many people using LNameFi as a login on the web. Or do I have a configuration issue and that's why it's not triggering. Please let me know what I should look at. Is it my config or just because the way we log into machines?
The username in use shouldn't matter.
All submitted credentials, which are mapped via user-id to that ad-user will be checked against credential submission.
Another requirement is, that you have tls-decryption enabled - you can e.g. test this on the german train site db.de in the login area.
Works fine with me
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!